Add JDK-8275535 patch to fix LDAP authentication issue.

Resolves: rhbz#2053525
2022-02-28 06:35:30 +00:00 · 2022-02-28 06:35:30 +00:00 · 52c15259b0
parent 3bd296bf8b
commit 52c15259b0
2 changed files with 34 additions and 1 deletions
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@ -324,7 +324,7 @@
 %global updatever       %(VERSION=%{whole_update}; echo ${VERSION##*u})
 # eg jdk8u60-b27 -> b27
 %global buildver        %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease      7
+%global rpmrelease      8
 # Define milestone (EA for pre-releases, GA ("fcs") for releases)
 # Release will be (where N is usually a number starting at 1):
 # - 0.N%%{?extraver}%%{?dist} for EA releases,
@ -1463,6 +1463,8 @@ Patch600: rh1750419-redhat_alt_java.patch
 Patch111: jdk8218811-perfMemory_linux.patch
 # JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
 Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
+# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
+Patch113: jdk8275535-rh2053256-ldap_auth.patch

 #############################################
 #
@ -1888,6 +1890,7 @@ sh %{SOURCE12}
 %patch112
 %patch580
 %patch581
+%patch113

 # RPM-only fixes
 %patch539
@ -2655,6 +2658,10 @@ cjc.mainProgram(args)
 %endif

 %changelog
+* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-8
+- Add JDK-8275535 patch to fix LDAP authentication issue.
+- Resolves: rhbz#2053525
+
 * Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-7
 - Detect NSS at runtime for FIPS detection
 - Turn off build-time NSS linking and go back to an explicit Requires on NSS
--- a/jdk8275535-rh2053256-ldap_auth.patch
+++ b/jdk8275535-rh2053256-ldap_auth.patch
@ -0,0 +1,26 @@
+diff --git openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+index cf4becb7db..4ab2ac0a31 100644
+--- openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+@@ -189,6 +189,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
+                     ctx = getLdapCtxFromUrl(
+                             r.getDomainName(), url, new LdapURL(u), env);
+                     return ctx;
+                } catch (AuthenticationException e) {
+                    // do not retry on a different endpoint to avoid blocking
+                    // the user if authentication credentials are wrong.
+                    throw e;
+                 } catch (NamingException e) {
+                     // try the next element
+                     lastException = e;
+@@ -241,6 +245,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
+         for (String u : urls) {
+             try {
+                 return getUsingURL(u, env);
+            } catch (AuthenticationException e) {
+                // do not retry on a different URL to avoid blocking
+                // the user if authentication credentials are wrong.
+                throw e;
+             } catch (NamingException e) {
+                 ex = e;
+             }